|
Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.VirtualDirectory, and org.sleuthkit.datamodel.DataSource.
Public Member Functions | |
| LocalFilesDataSource (SleuthkitCase db, long objId, long dataSourceObjectId, String deviceId, String name, TskData.TSK_FS_NAME_TYPE_ENUM dirType, TskData.TSK_FS_META_TYPE_ENUM metaType, TskData.TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, String timezone, String md5Hash, String sha256Hash, String sha1Hash, TskData.FileKnown knownState, String parentPath) | |
| LocalFilesDataSource (SleuthkitCase db, long objId, long dataSourceObjectId, String deviceId, String name, TskData.TSK_FS_NAME_TYPE_ENUM dirType, TskData.TSK_FS_META_TYPE_ENUM metaType, TskData.TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, String timezone, String md5Hash, TskData.FileKnown knownState, String parentPath) | |
| String | getAcquisitionDetails () throws TskCoreException |
| String | getAcquisitionToolName () throws TskCoreException |
| String | getAcquisitionToolSettings () throws TskCoreException |
| String | getAcquisitionToolVersion () throws TskCoreException |
| long | getContentSize (SleuthkitCase sleuthkitCase) throws TskCoreException |
| Long | getDateAdded () throws TskCoreException |
| String | getDeviceId () |
| Host | getHost () throws TskCoreException |
| VirtualDirectory | getRootDirectory () |
| String | getTimeZone () |
| String | getUniquePath () throws TskCoreException |
| void | setAcquisitionDetails (String details) throws TskCoreException |
| void | setAcquisitionToolDetails (String name, String version, String settings) throws TskCoreException |
| void | setDisplayName (String newName) throws TskCoreException |
 Public Member Functions inherited from org.sleuthkit.datamodel.VirtualDirectory | |
| Content | getDataSource () throws TskCoreException |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.SpecialDirectory | |
| void | close () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| boolean | isDataSource () |
| boolean | isRoot () |
| Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| void | addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException |
| boolean | canRead () |
| void | close () |
| long | convertToImgOffset (long fileOffset) throws TskCoreException |
| List< TskFileRange > | convertToImgRanges (long fileOffset, long length) throws TskCoreException |
| boolean | exists () |
| long | getAtime () |
| String | getAtimeAsDate () |
| int | getAttributeId () |
| List< Attribute > | getAttributes () throws TskCoreException |
| short | getAttrId () |
| TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
| long | getCrtime () |
| String | getCrtimeAsDate () |
| long | getCtime () |
| String | getCtimeAsDate () |
| Content | getDataSource () throws TskCoreException |
| long | getDataSourceObjectId () |
| String | getDirFlagAsString () |
| TSK_FS_NAME_TYPE_ENUM | getDirType () |
| String | getDirTypeAsString () |
| FileSystem | getFileSystem () throws TskCoreException |
| Optional< Long > | getFileSystemObjectId () |
| int | getGid () |
| TskData.FileKnown | getKnown () |
| String | getLocalAbsPath () |
| String | getLocalPath () |
| String | getMd5Hash () |
| long | getMetaAddr () |
| String | getMetaFlagsAsString () |
| long | getMetaSeq () |
| TSK_FS_META_TYPE_ENUM | getMetaType () |
| String | getMetaTypeAsString () |
| String | getMIMEType () |
| String | getModesAsString () |
| long | getMtime () |
| String | getMtimeAsDate () |
| String | getNameExtension () |
| Optional< Long > | getOsAccountObjectId () |
| Optional< String > | getOwnerUid () |
| String | getParentPath () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| String | getSha1Hash () |
| String | getSha256Hash () |
| long | getSize () |
| TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
| int | getUid () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasFileSystem () |
| boolean | isDir () |
| boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
| boolean | isFile () |
| boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
| MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
| boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
| abstract boolean | isRoot () |
| boolean | isVirtual () |
| List< AbstractFile > | listFiles () throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| final int | read (byte[] buf, long offset, long len) throws TskCoreException |
| void | save () throws TskCoreException |
| void | save (CaseDbTransaction transaction) throws TskCoreException |
| void | setKnown (TskData.FileKnown knownState) |
| void | setMd5Hash (String md5Hash) |
| void | setMIMEType (String mimeType) |
| void | setSha1Hash (String sha1Hash) |
| void | setSha256Hash (String sha256Hash) |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| boolean | equals (Object obj) |
| Score | getAggregateScore () throws TskCoreException |
| List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
| ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
| long | getAllArtifactsCount () throws TskCoreException |
| List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
| List< Content > | getChildren () throws TskCoreException |
| int | getChildrenCount () throws TskCoreException |
| List< Long > | getChildrenIds () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Set< String > | getHashSetNames () throws TskCoreException |
| long | getId () |
| String | getName () |
| Content | getParent () throws TskCoreException |
| Optional< Long > | getParentId () throws TskCoreException |
| SleuthkitCase | getSleuthkitCase () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasChildren () throws TskCoreException |
| int | hashCode () |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| String | toString () |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
| long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Additional Inherited Members | |
| Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| static String | createNonUniquePath (String uniquePath) |
| static String | epochToTime (long epoch) |
| static String | epochToTime (long epoch, TimeZone tzone) |
| static long | timeToEpoch (String time) |
| Static Public Attributes inherited from org.sleuthkit.datamodel.VirtualDirectory | |
| static final String | NAME_CARVED = "$CarvedFiles" |
| static final String | NAME_UNALLOC = "$Unalloc" |
| Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| static final long | UNKNOWN_ID = -1 |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| void | finalize () throws Throwable |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
| void | setLocalPath (String localPath, boolean isAbsolute) |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| AbstractContent (SleuthkitCase db, long obj_id, String name) | |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
| final int | attrId |
| final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
| TSK_FS_NAME_FLAG_ENUM | dirFlag |
| final TSK_FS_NAME_TYPE_ENUM | dirType |
| final Long | fileSystemObjectId |
| final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
| TskData.FileKnown | knownState |
| String | md5Hash |
| final long | metaAddr |
| Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
| final int | metaSeq |
| final TSK_FS_META_TYPE_ENUM | metaType |
| final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
| final String | parentPath |
| String | sha1Hash |
| String | sha256Hash |
| long | size |
| final int | uid |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| long | parentId |
A local/logical files and/or directories data source.
NOTE: The DataSource interface is an emerging feature and at present is only useful for obtaining the object id and the device id, an ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this interface will extend the Content interface and the AbstractDataSource will become an abstract superclass.
Definition at line 37 of file LocalFilesDataSource.java.
| org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource | ( | SleuthkitCase | db, |
| long | objId, | ||
| long | dataSourceObjectId, | ||
| String | deviceId, | ||
| String | name, | ||
| TskData.TSK_FS_NAME_TYPE_ENUM | dirType, | ||
| TskData.TSK_FS_META_TYPE_ENUM | metaType, | ||
| TskData.TSK_FS_NAME_FLAG_ENUM | dirFlag, | ||
| short | metaFlags, | ||
| String | timezone, | ||
| String | md5Hash, | ||
| String | sha256Hash, | ||
| String | sha1Hash, | ||
| TskData.FileKnown | knownState, | ||
| String | parentPath | ||
| ) |
Constructs a local/logical files and/or directories data source.
| db | The case database. |
| objId | The object id of the virtual directory. |
| dataSourceObjectId | The object id of the data source for the virtual directory; same as objId if the virtual directory is a data source. |
| name | The name of the virtual directory. |
| dirType | The TSK_FS_NAME_TYPE_ENUM for the virtual directory. |
| deviceId | The device ID for the data source. |
| metaType | The TSK_FS_META_TYPE_ENUM for the virtual directory. |
| dirFlag | The TSK_FS_META_TYPE_ENUM for the virtual directory. |
| metaFlags | The meta flags for the virtual directory. |
| timezone | The timezone for the data source. |
| md5Hash | The MD5 hash for the virtual directory. |
| sha256Hash | The SHA-256 hash for the virtual directory. |
| sha1Hash | SHA-1 hash of the file, or null if not present |
| knownState | The known state for the virtual directory |
| parentPath | The parent path for the virtual directory, should be "/" if the virtual directory is a data source. |
Definition at line 72 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.knownState, and org.sleuthkit.datamodel.AbstractFile.metaType.
| org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource | ( | SleuthkitCase | db, |
| long | objId, | ||
| long | dataSourceObjectId, | ||
| String | deviceId, | ||
| String | name, | ||
| TskData.TSK_FS_NAME_TYPE_ENUM | dirType, | ||
| TskData.TSK_FS_META_TYPE_ENUM | metaType, | ||
| TskData.TSK_FS_NAME_FLAG_ENUM | dirFlag, | ||
| short | metaFlags, | ||
| String | timezone, | ||
| String | md5Hash, | ||
| TskData.FileKnown | knownState, | ||
| String | parentPath | ||
| ) |
Constructs a local/logical files and/or directories data source.
| db | The case database. |
| objId | The object id of the virtual directory. |
| dataSourceObjectId | The object id of the data source for the virtual directory; same as objId if the virtual directory is a data source. |
| name | The name of the virtual directory. |
| dirType | The TSK_FS_NAME_TYPE_ENUM for the virtual directory. |
| deviceId | The device ID for the data source. |
| metaType | The TSK_FS_META_TYPE_ENUM for the virtual directory. |
| dirFlag | The TSK_FS_META_TYPE_ENUM for the virtual directory. |
| metaFlags | The meta flags for the virtual directory. |
| timezone | The timezone for the data source. |
| md5Hash | The MD5 hash for the virtual directory. |
| knownState | The known state for the virtual directory |
| parentPath | The parent path for the virtual directory, should be "/" if the virtual directory is a data source. |
Definition at line 378 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, and org.sleuthkit.datamodel.AbstractFile.parentPath.
| String org.sleuthkit.datamodel.LocalFilesDataSource.getAcquisitionDetails | ( | ) | throws TskCoreException |
Gets the acquisition details field from the case database.
| TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 226 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| String org.sleuthkit.datamodel.LocalFilesDataSource.getAcquisitionToolName | ( | ) | throws TskCoreException |
Gets the acquisition tool name field from the case database.
| TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 250 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| String org.sleuthkit.datamodel.LocalFilesDataSource.getAcquisitionToolSettings | ( | ) | throws TskCoreException |
Gets the acquisition tool settings field from the case database.
| TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 239 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| String org.sleuthkit.datamodel.LocalFilesDataSource.getAcquisitionToolVersion | ( | ) | throws TskCoreException |
Gets the acquisition tool version field from the case database.
| TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 261 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| long org.sleuthkit.datamodel.LocalFilesDataSource.getContentSize | ( | SleuthkitCase | sleuthkitCase | ) | throws TskCoreException |
Gets the size of the contents of the data source in bytes. This size can change as archive files within the data source are expanded, files are carved, etc., and is different from the size of the data source as returned by Content.getSize, which is the size of the data source as a file.
| sleuthkitCase | The sleuthkit case instance from which to make calls to the database. |
| TskCoreException | Thrown when there is an issue trying to retrieve data from the database. |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 142 of file LocalFilesDataSource.java.
| Long org.sleuthkit.datamodel.LocalFilesDataSource.getDateAdded | ( | ) | throws TskCoreException |
Gets the added date field from the case database.
| TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 289 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| String org.sleuthkit.datamodel.LocalFilesDataSource.getDeviceId | ( | ) |
Gets the ASCII-printable identifier for the device associated with the data source. This identifier is intended to be unique across multiple cases (e.g., a UUID).
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 100 of file LocalFilesDataSource.java.
| Host org.sleuthkit.datamodel.LocalFilesDataSource.getHost | ( | ) | throws TskCoreException |
Gets the host for this data source.
| TskCoreException |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 273 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.HostManager.getHostByDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getHostManager(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| VirtualDirectory org.sleuthkit.datamodel.LocalFilesDataSource.getRootDirectory | ( | ) |
Returns the VirtualDirectory instance. /deprecated LocalFilesDataSource is already a VirtualDirectory.
Definition at line 88 of file LocalFilesDataSource.java.
| String org.sleuthkit.datamodel.LocalFilesDataSource.getTimeZone | ( | ) |
Gets the time zone that was used to process the data source.
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 110 of file LocalFilesDataSource.java.
| String org.sleuthkit.datamodel.LocalFilesDataSource.getUniquePath | ( | ) | throws TskCoreException |
Implements org.sleuthkit.datamodel.Content.
Definition at line 187 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.Content.getName().
| void org.sleuthkit.datamodel.LocalFilesDataSource.setAcquisitionDetails | ( | String | details | ) | throws TskCoreException |
Sets the acquisition details field in the case database.
| details | The acquisition details |
| TskCoreException | Thrown if the data can not be written |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 199 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| void org.sleuthkit.datamodel.LocalFilesDataSource.setAcquisitionToolDetails | ( | String | name, |
| String | version, | ||
| String | settings | ||
| ) | throws TskCoreException |
Sets the acquisition tool details such as its name, version number and any settings used during the acquisition to acquire data.
| name | The name of the acquisition tool. May be NULL. |
| version | The acquisition tool version number. May be NULL. |
| settings | The settings used by the acquisition tool. May be NULL. |
| TskCoreException | Thrown if the data can not be written |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 214 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| void org.sleuthkit.datamodel.LocalFilesDataSource.setDisplayName | ( | String | newName | ) | throws TskCoreException |
Set the name for this data source.
| newName | The new name for the data source |
| TskCoreException | Thrown if an error occurs while updating the database |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 122 of file LocalFilesDataSource.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
